[ https://issues.apache.org/jira/browse/OFBIZ-9730?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Julian Leichert updated OFBIZ-9730:
-----------------------------------
Attachment: OFBIZ-9730_org.apache.ofbiz.order.finaccount_bugfixes.patch
class FinAccountHelper
- line 49,50 : changed to final
- added Locale
- line 278 : concatenation now with StringBuilder
> [FB] Package org.apache.ofbiz.order.finaccount
> ----------------------------------------------
>
> Key: OFBIZ-9730
> URL: https://issues.apache.org/jira/browse/OFBIZ-9730
> Project: OFBiz
> Issue Type: Sub-task
> Components: order
> Affects Versions: Trunk
> Reporter: Julian Leichert
> Priority: Minor
> Attachments:
> OFBIZ-9730_org.apache.ofbiz.order.finaccount_bugfixes.patch
>
>
> FinAccountHelper.java:49, MS_SHOULD_BE_FINAL
> - MS: org.apache.ofbiz.order.finaccount.FinAccountHelper.decimals isn't final
> but should be
> This static field public but not final, and could be changed by malicious
> code or by accident from another package. The field could be made final to
> avoid this vulnerability.
> FinAccountHelper.java:50, MS_SHOULD_BE_FINAL
> - MS: org.apache.ofbiz.order.finaccount.FinAccountHelper.rounding isn't final
> but should be
> This static field public but not final, and could be changed by malicious
> code or by accident from another package. The field could be made final to
> avoid this vulnerability.
> FinAccountHelper.java:139, DM_CONVERT_CASE
> - Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in
> org.apache.ofbiz.order.finaccount.FinAccountHelper.getFinAccountFromCode(String,
> Delegator)
> A String is being converted to upper or lowercase, using the platform's
> default encoding. This may result in improper conversions when used with
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> FinAccountHelper.java:278, SBSC_USE_STRINGBUFFER_CONCATENATION
> - SBSC:
> org.apache.ofbiz.order.finaccount.FinAccountHelper.generateRandomFinNumber(Delegator,
> int, boolean) concatenates strings using + in a loop
> The method seems to be building a String using concatenation in a loop. In
> each iteration, the String is converted to a StringBuffer/StringBuilder,
> appended to, and converted back to a String. This can lead to a cost
> quadratic in the number of iterations, as the growing string is recopied in
> each iteration.
> Better performance can be obtained by using a StringBuffer (or StringBuilder
> in Java 1.5) explicitly.
> For example:
>   // This is bad
>   String s = "";
>   for (int i = 0; i < field.length; ++i) {
>     s = s + field[i];
>   }
>
>   // This is better
>   StringBuffer buf = new StringBuffer();
>   for (int i = 0; i < field.length; ++i) {
>     buf.append(field[i]);
>   }
>   String s = buf.toString();
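Added example, not part of the original message or of the OFBiz code base: a small Java program showing why the MS_SHOULD_BE_FINAL and DM_CONVERT_CASE findings above matter for a class that normalizes account codes and rounds amounts. The class name FinCodeDemo, its members and the sample values are hypothetical and constructed for illustration.

```java
import java.math.BigDecimal;
import java.math.RoundingMode;
import java.util.Locale;

// Added illustration; all names here are hypothetical, not OFBiz code.
public class FinCodeDemo {

    // Flagged pattern (MS_SHOULD_BE_FINAL): any class can reassign this field.
    public static int mutableDecimals = 2;

    // Corrected pattern: cannot be reassigned after class initialization.
    public static final int DECIMALS = 2;
    public static final RoundingMode ROUNDING = RoundingMode.HALF_UP;

    // Flagged pattern (DM_CONVERT_CASE): result depends on the JVM default locale.
    static String normalizeDefault(String code) {
        return code.toUpperCase();
    }

    // Corrected pattern: locale-independent conversion.
    static String normalizeRoot(String code) {
        return code.toUpperCase(Locale.ROOT);
    }

    static BigDecimal round(BigDecimal amount, int scale) {
        return amount.setScale(scale, ROUNDING);
    }

    public static void main(String[] args) {
        String stored = "GIFT1234"; // constructed sample: code as stored
        String typed = "gift1234";  // constructed sample: code as entered

        Locale saved = Locale.getDefault();
        try {
            // Simulate a server whose default locale is Turkish.
            Locale.setDefault(Locale.forLanguageTag("tr-TR"));
            // 'i' upper-cases to U+0130 here, so the default-locale key no longer matches.
            System.out.println("default locale match: " + stored.equals(normalizeDefault(typed)));
            System.out.println("Locale.ROOT match:    " + stored.equals(normalizeRoot(typed)));
        } finally {
            Locale.setDefault(saved);
        }

        BigDecimal amount = new BigDecimal("10.005"); // constructed sample amount
        System.out.println("scale before: " + round(amount, mutableDecimals));
        mutableDecimals = 0; // any other class could do this at any time
        System.out.println("scale after:  " + round(amount, mutableDecimals));
        // DECIMALS = 0; // rejected by the compiler: the field is final
    }
}
```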